From e6fbb8fe13f8fe7cc6c146522e70b88fdffacc50 Mon Sep 17 00:00:00 2001 From: mguessan Date: Mon, 11 Apr 2011 10:19:31 +0000 Subject: [PATCH] Doc: document custom certificate authority handling git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1661 3d1905a2-6b24-0410-a738-b14d5a86fcbd --- src/site/xdoc/sslsetup.xml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/site/xdoc/sslsetup.xml b/src/site/xdoc/sslsetup.xml index 1a75f6e9..c4b9dc7d 100644 --- a/src/site/xdoc/sslsetup.xml +++ b/src/site/xdoc/sslsetup.xml @@ -51,6 +51,17 @@ davmail.ssl.keystorePass=password]]> +

+ Custom certificate authority +

+

Most users rely on the interactive accept certificate dialog to handle non public certificate authorities. + However, this will not work with an Exchange server cluster with a different certificate on each server. + In this case, you need to update global Java truststore with the custom certificate authority: +

+ keytool -import -alias root -keystore /path/to/jre/lib/security/cacerts -trustcacerts -file rootca.crt -storepass changeit -noprompt +

+ Client certificate +

In most cases, using https in OWA url is enough to secure communication between DavMail and Exchange. However, with Exchange servers setup to require mutual authentication, you will have to register your client certificate in DavMail settings, either through PKCS11 (smartcard) or file certificate. @@ -84,7 +95,7 @@ name=NSS library=softokn3 nssArgs="configdir='/path/to/firefox/profile' certPrefix='' keyPrefix='' secmod='secmod.db' flags=readOnly" slot = 2 -]]> +]]>

Another one for Coolkey (see Coolkey for Debian and United States Department of Defense Common Access Cards):
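
Review bot: The added keytool line under "Custom certificate authority" uses `-noprompt`, which imports rootca.crt into the JRE-wide cacerts without displaying the certificate for confirmation, so the text should tell the reader to verify the certificate fingerprint first (for example with `keytool -printcert -file rootca.crt`) against a value obtained from the Exchange administrators. The paragraph should also state that the global Java truststore is shared by every Java application running on that JRE, so the custom authority becomes trusted well beyond DavMail. The alias `root` is generic and the import fails if an entry with that alias already exists; a more specific alias would avoid that.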